Difference between revisions of "Managing SSL Certificates"

From AgileApps Support Wiki
imported>Aeric
imported>Aeric
Line 10: Line 10:
:1. Create a keystore and a private key:
:1. Create a keystore and a private key:
::{|  
::{|  
<pre>cd {install_dir}/profiles/LJP/configuration/tomcat/conf/RN
<pre>cd {install_dir}/profiles/IS_default/configuration/tomcat/conf/RN


keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore {keystore_filename}</pre>
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore {keystore_filename}</pre>
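Review bot: The corrected cd path still ends in "conf/RN", while step 3 in the Line 52 hunk tells the reader to place the certificate in ".../profiles/IS_default/configuration/tomcat/conf". A reader who follows both steps ends up with files in two different directories. State which directory the keystore has to live in and that keystoreFile must point to it.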
Line 52: Line 52:
::'''<Install_directory>/profiles/IS_default/configuration/com.softwareag.platform.config.propsloader''' folder.
::'''<Install_directory>/profiles/IS_default/configuration/com.softwareag.platform.config.propsloader''' folder.
{{Note|The '''keystorePass''' value provided by you in plain text is encrypted automatically when you restart the AgileApps application server.}}
{{Note|The '''keystorePass''' value provided by you in plain text is encrypted automatically when you restart the AgileApps application server.}}
:3. After updating the properties, place the certificate in the '''<Install_directory>/profiles/IS_default/configuration/tomcat/conf''' folder.                                 
:3. After updating the properties, place the certificate in the '''{install-dir}/profiles/IS_default/configuration/tomcat/conf''' folder.                                 
:4. Restart the memcached server and start the AgileApps application server.
:4. Restart the memcached server and start the AgileApps application server.
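Review bot: The new placeholder "{install-dir}" in step 3 matches neither "{install_dir}" in the Line 10 hunk nor "<Install_directory>" four lines above in this same hunk. Use one spelling throughout so readers do not take them for different locations. Step 3 also says to place "the certificate" in the conf folder, although the earlier steps import the certificate into a keystore; if the keystore file is what is meant, say so.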



Revision as of 11:40, 16 October 2019

Obtaining an SSL Certificate

The platform provides a default self-signed certificate which is used by the Application Server.

To obtain and install your own SSL Certificate, make a request to a Certificate Authority (CA). An SSL certificate authenticates a website to a web browser as part of a security protocol for secure data exchange.

The CA will accept your Certificate Signing Request and generate a certificate which identifies your website as a secured website.

To create a Certificate Signing Request (CSR)

1. Create a keystore and a private key:
cd {install_dir}/profiles/IS_default/configuration/tomcat/conf/RN

keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore {keystore_filename}
2. Create a CSR from the keystore:
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore {keystore_filename}
3. Submit the resulting file, certreq.csr, to the CA to obtain a certificate.
(When the certificate arrives, you are ready for the next set of steps.)

To Install the Certificate Obtained from the CA

Once you have obtained a certificate, you need to import it into the keystore.

But first, in addition to your certificate, the CA might provide a Chain/Root Certificate, which must also be imported. If you have received a chain certificate from the CA, then:

1. Copy the contents of the chain certificate into a file called chain.
2. Import the chain certificate into your keystore:
keytool -import -alias root -keystore {keystore_filename} -trustcacerts -file chain

When the chain certificate (if any) has been imported, you are ready for the final step:

3. Import the certificate received from the CA:
keytool -import -alias tomcat -keystore {keystore_filename} -trustcacerts -file {certificate_filename}

To update a Customer SSL Certificate in AgileApps

1. Stop the Application server.
2. Update the keystoreFile and keystorePass values in the “com.softwareag.catalina.connector.https.pid-agileappsHttps-8284.properties” file, located in the
<Install_directory>/profiles/IS_default/configuration/com.softwareag.platform.config.propsloader folder.

Note: The keystorePass value provided by you in plain text is encrypted automatically when you restart the AgileApps application server.

3. After updating the properties, place the certificate in the {install-dir}/profiles/IS_default/configuration/tomcat/conf folder.
4. Restart the memcached server and start the AgileApps application server.
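
A check to run between steps 3 and 4 above, given here as an added example that is not part of the original wiki page or of the AgileApps product. It confirms that keystoreFile and keystorePass are set, that the keystore exists, and that neither the keystore nor the properties file (which holds keystorePass in plain text until the restart) is world-readable. Assumptions: the properties file uses "key=value" lines, a relative keystoreFile is resolved against the conf folder you pass in, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-restart check of the HTTPS connector properties.
# Assumption: Java-properties syntax, one "key=value" (or "key:value") per line.

# prop_get FILE KEY -> prints the value of KEY (last assignment wins)
prop_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[=:][[:space:]]*//p" "$1" | tail -n 1
}

# check_connector_props PROPS_FILE CONF_DIR
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_connector_props() {
    props=$1; conf_dir=$2; rc=0; path=
    [ -r "$props" ] || { echo "cannot read $props"; return 1; }

    ks=$(prop_get "$props" keystoreFile)
    pw=$(prop_get "$props" keystorePass)
    if [ -z "$ks" ]; then echo "keystoreFile is not set"; rc=1; fi
    if [ -z "$pw" ]; then echo "keystorePass is not set"; rc=1; fi

    # Assumption: a relative keystoreFile is relative to the conf folder.
    case $ks in
        "") ;;
        /*) path=$ks ;;
        *)  path=$conf_dir/$ks ;;
    esac
    if [ -n "$path" ] && [ ! -s "$path" ]; then
        echo "keystore missing or empty: $path"; rc=1
    fi

    # The keystore holds the private key and the properties file holds the
    # password in plain text until the restart: neither should be readable
    # by "other" users.
    for f in "$props" "$path"; do
        if [ -f "$f" ] && [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "world-readable: $f"; rc=1
        fi
    done
    return $rc
}

# Usage (placeholders as on this page):
#   check_connector_props \
#     "<Install_directory>/profiles/IS_default/configuration/com.softwareag.platform.config.propsloader/com.softwareag.catalina.connector.https.pid-agileappsHttps-8284.properties" \
#     "<Install_directory>/profiles/IS_default/configuration/tomcat/conf"
```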

